CVE-2022-20612

CVSS v3.1 4.3 (Medium)

CVSS v2.0 2.6 (Low)

EPSS 0.18 % (56^th)

Affected Products 2

Advisories 4

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set.

Weaknesses

CWE-352: Cross-Site Request Forgery (CSRF)

CVE Status: PUBLISHED
CNA: Jenkins Project
Published Date: 2022-01-12 20:15:08
(2 years ago)
Updated Date: 2023-11-22 21:32:37
(10 months ago)

Affected Products

Jenkins

Jenkins

Oracle

Communications Cloud Native Core Automated Test Suite

Configuration #1

		CPE23	From	Up To
	Jenkins 2.319.1 and prior versions	cpe:2.3:a:jenkins:jenkins::::*:lts		<= 2.319.1
	Jenkins 2.329 and prior versions	cpe:2.3:a:jenkins:jenkins::::*:-		<= 2.329

Configuration #2

		CPE23	From	Up To
	Oracle Communications Cloud Native Core Automated Test Suite 1.9.0	cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0